Linux Pocket Guide

Book Description

O'Reilly's Pocket Guides have earned a reputation as inexpensive, comprehensive, and compact guides that have the stuff but not the fluff. Every page of Linux Pocket Guide lives up to this billing. It clearly explains how to get up to speed quickly on day-to-day Linux use. Once you're up and running, Linux Pocket Guide provides an easy-to-use reference that you can keep by your keyboard for those times when you want a fast, useful answer, not hours in the man pages. Linux Pocket Guide is organized the way you use Linux: by function, not just alphabetically. It's not the 'bible of Linux; it's a practical and concise guide to the options and commands you need most. It starts with general concepts like files and directories, the shell, and X windows, and then presents detailed overviews of the most essential commands, with clear examples. You'll learn each command's purpose, usage, options, location on disk, and even the RPM package that installed it. The Linux Pocket Guide is tailored to Fedora Linux--the latest spin-off of Red Hat Linux--but most of the information applies to any Linux system. Throw in a host of valuable power user tips and a friendly and accessible style, and you'll quickly find this practical, to-the-point book a small but mighty resource for Linux users.

Customer Reviews:

An excellent reference.......2007-03-25

This book is exactly the type of excellent work one comes to expect from O'Reilly. Tons on useful information in a handy pocket reference size. I bought it because I had been away from Linux for awhile and was rusty on all of the commands. This filled the bill perfectly.

good handbook.......2007-03-17

A good, standard handbook for Fedora and other Linux flavors. A good reference when you already know the OS and need a reference back to refresh your memory on command syntax, etc

Great Product!.......2007-03-08

This book has helped me to have a better understanding of the Linux commands.

Best reference book for Linux.......2007-01-15

This is the second copy of this book that I have. It is true that in the latest distributions of Linux (Suse 10, Fedora 6 or Ubuntu 6.+) you do not need to enter almost any command via the terminal, but there are two main reasons to learn to use the terminal line:
1. you want to become a power user and customize your linux distro, or
2. as an open source system, you are likely to broke something trying to install the latest applications, as Beryl for example, and you broke the graphical server.
In both cases, this book is a must have.
You can have access the same (or more) information via the 'man' command, but is useful to have some writen examples on how to use some commands. This book is very well organized and the size is really 'pocket'. It is a little outdated (2004) and oriented to Fedora (I'm an Ubuntu user), but useful anyway.

If you own one reference book for Linux, this should be it........2007-01-06

I am a linux newbie, though I have an extensive computer background in other operating systems, and I wanted a comprehensive, yet brief reference book for Linux. This is indespensible! I have other detailed, how-to Linux books, but this is the one I continue to use on a regular basis. THe book is arranged in a very logical way, and the table of contents in conjunction with the index allows me to quickly find the command I need. Essentially all Linux commands are included, and for a given command, the most commonly used options are explained.

If I need more detail, and I infrequently do, I can go to those other books, or most likely I just use Linux available documentation (command help, man pages, etc.)

Alot of information for just a few bucks -- again, indispensible!

Average customer rating:

Very limited viewpoint!
The best backup book available, but I have requests for the next edition
An excellent reference
These are basic references any serious computer collection needs.
Backup, backup, backup!

Backup & Recovery
W. Curtis Preston
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Networking | Microsoft | Computers & Internet | Subjects | Books

General | Unix & Linux | O'Reilly | By Publisher | Books

Linux | Unix & Linux | O'Reilly | By Publisher | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
Similar Items:

ASIN: 0596102461

Book Description

Packed with practical, freely available backup and recovery solutions for Unix, Linux, Windows, and Mac OS X systems -- as well as various databases -- this new guide is a complete overhaul of Unix Backup & Recovery by the same author, now revised and expanded with over 75% new material.

Backup & Recovery starts with a complete overview of backup philosophy and design, including the basic backup utilities of tar, dump, cpio, ntbackup, ditto, and rsync. It then explains several open source backup products that automate backups using those utilities, including AMANDA, Bacula, BackupPC, rdiff-backup, and rsnapshot. Backup & Recovery then explains how to perform bare metal recovery of AIX, HP-UX, Linux, Mac OS, Solaris, VMWare, & Windows systems using freely-available utilities. The book also provides overviews of the current state of the commercial backup software and hardware market, including overviews of CDP, Data De-duplication, D2D2T, and VTL technology. Finally, it covers how to automate the backups of DB2, Exchange, MySQL, Oracle, PostgreSQL, SQL-Server, and Sybase databases - without purchasing a commercial backup product to do so.

For environments of all sizes and budgets, this unique book shows you how to ensure data protection without resorting to expensive commercial solutions. You will soon learn to:

Automate the backup of popular databases without a commercial utility
Perform bare metal recovery of any popular open systems platform, including your PC or laptop
Utilize valuable but often unknown open source backup products
Understand the state of commercial backup software, including explanations of CDP and data de-duplication software
Access the current state of backup hardware, including Virtual Tape Libraries (VTLs)

Customer Reviews:

Very limited viewpoint!.......2007-09-24

I have used many backup utilities in linux, Unix, Windows, and found this book to be only a very basic view of the backup, DR realm.

The best backup book available, but I have requests for the next edition.......2007-07-08

W. Curtis Preston is the king of backups, and his book Backup and Recovery (BAR) is easily the best book available on the subject. Preston makes many good decisions in this book, covering open source projects and considerations for commercial solutions. Tool discussions are accompanied by sound advice and plenty of short war stories. If the author addresses the few concerns I have in his next edition, that should be a five star book.

The best aspect of BAR is the author's obvious expertise in this subject. He does a good job sharing lots of his knowledge with the reader. Probably the most valuable conceptual framework I learned in BAR is the difference between backups and archives. Pages 696-7 summarize this nicely: "Backups are the secondary copy of primary data... Archives are the primary copy of secondary data." In this section and elsewhere, Preston describes how archives are the repository one should create when answering ediscovery requests and similar queries -- not backups. This is an extremely powerful idea and I plan to see how my employer deals with this issue.

The second best aspect of BAR involves multiple chapters on backing up various databases. One can usually find similar coverage in single books on specific databases, but having all information in one book is useful for purposes of comparison. Chapter 15 provides an overview of the entire problem by discussing terminology and features found in many databases. This chapter helps storage admins understand the database admin world. Of particular note was the coverage of Microsoft Exchange, which the book calls a specialized database. I had not thought of Exchange in this light, but it's true -- especially when Microsoft indicates future versions will have SQL Server replacing Extensible Storage Engine. I only read chapters on SQL Server, Exchange, and MySQL.

The third best aspect of BAR includes OS-specific chapters on bare-metal recovery. Although my OS of choice (FreeBSD) didn't merit its own chapter, I felt the material in the bare-metal section was robust enough to help me perform this work if necessary. I really only read the chapters on Windows/Linux and ignored Solaris, HP-UX, AIX, and Mac OS X.

BAR is a good book, so why not five stars? First, I thought the chapters on open source backup options (especially ch 7 on "Open-Source Near CDP") were weak. I wanted to learn a lot more about rdiff-backup, for example, but the tool merited about 5 pages and introduced only the simplest possible invocation. Rsnapshot was also undercovered. It seemed like too many pages were spent on utilities I would probably never use (given newer options) like dump and cpio. I was also not confident I could get very far with Amanda, BackupPC, or Bacula given the detail given to each open source product. (Regarding BackupPC -- I had to guess it was open source and then only found out the truth when its Web site at sf.net was mentioned late in the chapter!)

Second, some topics never really made sense. For example, I still do not understand how snapshots actually work. Calling it a "picture" means nothing to me. Snapshots are mentioned throughout the text, and the explanation that finally appears near the end of the book in a miscellanea chapter doesn't help.

Third, I would really have liked to hear more about services offering backup to the Internet, like Amazon's S3 and others. This MUST be covered in the next edition.

Finally, although the book has lots of advice, it would have been nice to have had a case study chapter where multiple example enterprises demonstrate their backup and recovery solutions. After finishing the book I have lots of ideas floating around, but seeing how a one-person, 100-person, 10,000-person, and 500,000-person environment implement BAR would be greatly appreciated.

An excellent reference.......2007-05-04

In the realm of important things in the world of computers are good backups and equally important is the ability to properly restore those backups. My initial attraction to this book had to do with it being tapered toward open system solutions. I am an avid user of Linux and open-source software, so I was interesting in learning about the free tools that the author writes about.

The author starts out by discussing "The Philosophy of Backup" which covers why backups are so important and how you to find a solution that both meets your needs and your budget. Chapter two goes over what to backup, how often and at what levels. It also discussed what types of disaster to be prepared for, automation, storage, testing and things to look out for on various OS's.

Chapters 3-7 cover open-source backup utilities. In chapter three the author discusses and provides examples of how to use basic utilities such as dump, cpio, tar and dd for Unix systems, ntbackup and System Restore for the Window's crowd, ditto for Mac, and the GNU versions of tar, cpio, and rsync. Chapter's 4-6 discuss Amanda, BackupPC and Bacula. Chapter seven digs into near-continuous data protection and how the open-source community is achieving this, and what tools to use.

By chapter 8 and 9 the author is discussing commercial backup solutions. This section is different from the last in that it doesn't really discuss specific tools and how to use them, but rather it discusses the features of commercial products. This section also covers the various types of backup hardware on the market in an effort to help the reader decide what media best meets their needs.

Chapters 10-14 covers "Bare-Metal Recovery". The author takes you through the process of a bare-metal recovery with Solaris, Linux, Windows, HP-UX, AIX, and Mac OS X.

By chapters 15-22 the author has moved on to database backups and takes you through the various solutions for Oracle, Sybase, IBM DB2, SQL Server, Exchange, PostegreSQL, and MySQL. Finally the author wraps up the book with VMware server backup solutions and discussing data protection.

CONCLUSION
--
I found this book to be a very interesting read. I especially enjoyed the open-source, bare-metal recovery, and database sections. The author does an excellent job of taking the reader through all of the steps including example syntax needed to perform a backup and restore with the various tools discussed. Another high point is that the author includes current tools and techniques. This book holds lots of real world wisdom and I would recommend it to any system administrator, developer, or user who is interested in protecting their data.

These are basic references any serious computer collection needs........2007-04-11

W. Curtis Preston's BACKUP & RECOVERY offers solid hands-on keys to backing up data and recovering from a systems crash - all without using commercial software. From Linux and Windows and Mac OS systems, it surveys backup tools, open-source resources, criteria for evaluating systems and operations, and lessons and tricks to overcome common obstacles, making it a system administrator's top desk reference as well as a pick for libraries catering to this audience. These are basic references any serious computer collection needs.

Backup, backup, backup!.......2007-03-24

Backup and Recovery

If you ever are faced with a technical problem in your IT career, turn to O'Reilly publications and pick a book on the topic. The cover of this book fully describes its content: Inexpensive Backup Solutions for Open Systems.
I was recently faced with the task of backing up MySQL databases, along with setting up reliable backup tools on client's Linux server and Windows workstations. The book helped me find all the answers; it's filled with good and practical information and is supplemented with a "healthy doze" of real life examples and anecdotes.
A good number of backup tools are discussed along with configuration examples and automation procedures. Oracle, HP-UX, Windows, Linux... All you need is here.

Penetration Tester's Open Source Toolkit

Average customer rating:

Great book
good introduction
Solid Penetration Testing Book
Excellent reference.
Good review of currently available software

Penetration Tester's Open Source Toolkit
Charl Van Der Walt , HD Moore , Roelof Temmingh , Haroon Meer , Johnny Long , Chris Hurley , and James Foster
Manufacturer: Syngress
ProductGroup: Book
Binding: Paperback

Privacy | Business & Culture | Computers & Internet | Subjects | Books

Intranets & Extranets | Networking | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Operating Systems | Computers & Internet | Subjects | Books

General | Education | Nonfiction | Subjects | Books

General | Education | Professional & Technical | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

Look Inside Nonfiction Books | Trip | Specialty Stores | Books

All Amazon Upgrade | Amazon Upgrade | Stores | Books

Computers & Internet | Amazon Upgrade | Stores | Books

Nonfiction | Amazon Upgrade | Stores | Books

Professional & Technical | Amazon Upgrade | Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 1597490210
Release Date: 2005-06-01

Book Description

Penetration testing a network requires a delicate balance of art and science. A penetration tester must be creative enough to think outside of the box to determine the best attack vector into his own network, and also be expert in using the literally hundreds of tools required to execute the plan. This book provides both the art and the science.

The authors of the book are expert penetration testers who have developed many of the leading pen testing tools; such as the Metasploit framework. The authors allow the reader inside their heads to unravel the mysteries of thins like identifying targets, enumerating hosts, application fingerprinting, cracking passwords, and attacking exposed vulnerabilities. Along the way, the authors provide an invaluable reference to the hundreds of tools included on the bootable-Linux CD for penetration testing.

* Covers both the methodology of penetration testing and all of the tools used by malicious hackers and penetration testers

* The book is authored by many of the tool developers themselves

* This is the only book that comes packaged with the "Auditor Security Collection"; a bootable Linux CD with over 300 of the most popular open source penetration testing tools

Customer Reviews:

Great book.......2007-08-23

Great starter book into Pen Testing. Big book with lots of information. Great book to read to prepare to start your CEH or CISSP studies.

good introduction.......2007-02-22

If you live and breathe IT security, this books is for you. I would like to somewhat disagree with some of the earlier reviewers. I don't think this book was intended to be "the one and only" penetration toolkit manual. However, what it does do - it introduces one to the world of penetration testing providing enough information and examples on a wide variety of tools. A lot of great subjects are covered, such as reconnaissance, enumeration, scanning, web application testing, wireless penetration and more. It's a very insightful read, even for those who are just researching in the area of security. It will open your eyes on many aspects of information security. The CD itself is a good resource, but you may need to update some applications by now. Nessus signatures do get updated regularly.

Solid Penetration Testing Book.......2007-02-06

At around 700 pages in size, the 'Penetration Tester's Open Source Toolkit' by Johnny Long is a solid reference material which is a nice pickup for anyone that is concerned with this subject matter. As with all Syngress books, you aren't buying these for the highest quality paper or design, but rather the material within. This is a solid book that most users should find helpful in their jobs.

**** RECOMMENDED

Excellent reference........2007-01-22

If you are going to do any work in the Information Assurance world you will want to add this book to your shelf and keep it handy. The authors of this book know the topics and present information clearly.
Each chapter is a stand-alone lesson, and all chapters build on each other to create a big-picture of exploiting any network and reporting results. The CD that comes with the book gives you excellent tools to start or fill out your library. Some are getting dated as of this writing, but all are still solid tools that you can update once you've learned them.
I highly recommend this book!

Good review of currently available software.......2006-09-25

Title: Penetration Tester's Open Source Toolkit
Author: Johnny Long, Aaron Bayles, James Foster, Chris Hurley, Mike Petruzzi Noam Rathaus, Mark Wolfgang
Publisher: Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Copyright: 2006
ISBN: 1597490210
Pages: 678 plus appendix and index

This book not only covers what tools are available for penetration testing but also details how to use them to effectively test the system. Some of the tools, such as whois and ping, will be very familiar to the Linux user and most power users of other operating systems. Other tools are less familiar but very powerful and a real insight into what can be done to gather information on a system before attempting to penetrate it. Part of what makes this book really interesting is the way the authors approach this subject. They don't walk the reader through all the details of a handful of tools but instead they take a task-oriented approach. For example they go first through enumerating and scanning a system, then testing databases, web server testing, web application testing, wireless penetration and network devices. They then end this section with information about writing open source security tools. Chapter 8 starts a section on the Open Source vulnerability scanner Nessus. It automatically finds many problems in the system by trying to penetrate it using various scripts. The results are captured and the generated reports detail the information it was able to obtain. This is a very powerful testing product and one of the most common ones you will find in the marketplace.
The authors detail how to set up a Nessus client and server, scan the system and understand the results. Although almost three hundred pages are dedicated to Nessus it is a very powerful and highly configurable program that can consume a full book by itself to use its full potential. Penetration Tester's Open Source Toolkit is highly recommended, insightful, and very interesting to read and experiment with.

Average customer rating:

Best for Nagios admins who want specific details on plug-ins
A nice solid Nagios introduction a la No Starch Press

Nagios: System and Network Monitoring
Wolfgang Barth
Manufacturer: No Starch Press
ProductGroup: Book
Binding: Paperback

Network Security | Networking | Computers & Internet | Subjects | Books

General | Programming | Computers & Internet | Subjects | Books

General | Certification Central | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Operating Systems | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
Similar Items:

ASIN: 1593270704

Book Description

Nagios: System and Network Monitoring shows how to configure and use Nagios, an open source system and network monitoring tool. Nagios makes it possible to continuously monitor network services (SMTP, POP3, HTTP, NNTP, PING, etc.), host resources (processor load, disk and memory usage, running processes, log files, etc.), and environmental factors (such as temperature). When Nagios detects a problem, it communicates the information to the sys admin via email, pager, SMS, or other user-defined method; current status information, historical logs, and reports can also be accessed via a web browser. Nagios System and Network Monitoring covers the Nagios core, all standard Nagios plug-ins and selected third-party plug-ins, and shows readers how to write their own plug-ins. The book covers Nagios 2.0 and is backwards compatible with earlier versions.

Customer Reviews:

Best for Nagios admins who want specific details on plug-ins.......2006-09-04

I recently received review copies of Pro Nagios 2.0 (PN2) by James Turnbull and Nagios: System and Network Monitoring (NSANM) by Wolfgang Barth. I read PN2 first, then NSANM. Both are excellent books, but I expect potential readers want to know which is best for them. The following is a radical simplification, and I could honestly recommend readers buy either (or both) books. If you are completely new to Nagios and want a very well-organized introduction, I recommend PN2. If you are somewhat familiar with Nagios and want detailed descriptions of a wide variety of Nagios plug-ins, I recommend NSANM.

NSANM strengths lie in the depth of coverage of certain elements when compared to PN2. PN2 devotes 7 pages to host checks, while NSANM's Ch 7 offers 21 pages. PN2 supplies 8 pages on service checks, but NSANM's Ch 6 gives 46 pages. This level of detail can be very useful. For example, NSANM's explanation of check_squid also shows to to configure Sguid to allow access to its cache manager.

NSANM shares more information on certain background protocols like SNMP. PN2's SNMP section is about 7 pages, whereas NSANM's Ch 11 is 36 pages. NSANM demonstrates more aspects of Nagios' Web interface and the CGI programs generating pages. I thought author Wolfgang Barth made very effective use of diagrams, like the network topology explanation in Ch 4, the service checks in Ch 5, and notification in Ch 12.

NSANM includes some material not mentioned in PN2, like using Nagios with Cygwin. Sometimes the books are very complementary, as shown by PN2's discussion of NSClient++ and NSANM's overview of NSClient and NC_Net.

NSANM is lacking coverage of security, redundancy, and failover, however. PN2 does address these critical issues. Beware the some of the "chapters" in NSANM are very short -- like Ch 8 (2 pages!) and Ch 19 (barely 6 pages). I think short sections like those should have been integrated into longer chapters or moved into the appendices.

Overall, NSANM is a very good book. I believe new Nagios readers should read PN2, and strongly consider NSANM as a complementary reference volume.

A nice solid Nagios introduction a la No Starch Press.......2006-07-25

Bookspecs:
70+ plugins described !!
464 pages

The book (in a typical No Starch Press style) gives a clear, concise rundown about Nagios in general.
As such it is a well written and sound introduction to the Nagios topic.

After having read No Starch*s Nagios book you will know exactly how Nagios works inside.
The thorough explanations, flow charts and many tips and tricks leave no doubt that after you
finished the book you know your way around any Nagios installation.

What is remarkable is, that even though the Nagios topic is fairly young, the authors manage
to describe more than 70+ plugins. !!

One of the features of this book was for me basically a new level of "Usability" - or should I
say "reading quality" ? The text contains virtually "links" to related or refered to sections in
other chapters. That allows the reader to quickly jump back and forth to follow up on something.
A BIG time-saver and from my point of view much appreciated.

Beginners or junior system administrators will find No Starch's Nagios book an excellent choice.
It doesnt come with all the latest bells and whistles but it certainly covers more than 80% of
what the average joe sysadmin needs to know.

>> Please find a more detailed review and book comparisons by deploying my profile. < <

Average customer rating:

Ding, Ding, We have a winner.
Must-Read Info For Linux Admins
Don't have this book? You're BEGGING for trouble...
The best hands-on Linux security book just got better
Great book.

Hacking Linux Exposed, Second Edition
Brian Hatch , and James Lee
Manufacturer: McGraw-Hill Osborne Media
ProductGroup: Book
Binding: Paperback

Hacking | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Linux Security | Security & Encryption | Computers & Internet | Subjects | Books

Look Inside Business Books | Trip | Specialty Stores | Books

Look Inside Computer Books | Trip | Specialty Stores | Books
Similar Items:

ASIN: 0072225645

Amazon.com

"Throw up a Linux box," comes the chorus whenever there's a need to provide some network service or other without impinging upon the boss's martini budget. Fair enough, but by doing so are you opening security holes you don't know how to find or fix? The newest edition of Hacking Linux Exposed helps you answer that question and solve many of the security problems you find. To a certain extent this book is a recipe collection in that it describes weaknesses in Linux (calling attention to specific distributions where appropriate). The authors stop short of explicitly showing you how to wage most kinds of attacks, a reasonable thing to do from an ethical point of view even though the instructions can be found easily on the Internet. Rather than do that, they give step-by-step instructions on how to defend against the attacks they catalog. The point is not, "Here's precisely how to bring down a server by means of an ACK storm," but rather, "Here's how to defend against such problems." They do demonstrate plenty of weaknesses, though, as in their coverage of the conversation that goes back and forth between an FTP server and its client.

This book covers pretty much everything you'd want to do with a Linux machine as a network server. Read it and see some of the weaknesses in your system--and do something about them before someone else does. --David Wall

Topics covered: Security best practices, approached from the perspective of what can go wrong and what can be done about the problems. Specific coverage goes to all major services, including user management, FTP, HTTP, and firewalling.

Book Description

Tighten holes and maintain security on your Linux system! From the publisher of the international best-seller, Hacking Exposed: Network Security Secrets & Solutions, comes this must-have security handbook for anyone running Linux. This up-to-date edition shows you how to think like a Linux hacker in order to beat the Linux hacker. You'll get detailed information on Linux-specific hacks, both internal and external, and how to stop them.

Customer Reviews:

Ding, Ding, We have a winner........2005-11-10

First, this book does _NOT_ have a installation walk through...YES!!!

You will not find another book this comprehensive in the length in HLE has accomplished. i found the book to be on point, and not overdrawn on any specific topic. The authors usage of gender is something of a mystery aswell. For the first 10 chapters or so the cracker is a woman, then in later chapters it becomes a man, then in even later chapters a woman, then back to a man :-).

i found the book to be very well written, it feels like a very good naration. There is only a few plugs of direct humor (1 about using word for the publisher, another about the shortest sentence using all letters) but these few are lightening.

Technically this book is sound. it does very good in keeping the basics of security alive through the book (chattr +i, only use what you need, upgrade, etc...). This is very helpful to a beginer for reinforced learning. The software packages it mentions for firewalls, logging, etc. are very nice and descriptive.

All around great book. BTW, did i mention that is does _NOT_ cover a Linux installation from CD/DVD? That alone should be enough to buy it.

Must-Read Info For Linux Admins.......2005-02-10

The Hacking Exposed books have set the bar for this genre of security book. Hacking Linux Exposed - 2nd Edition doesn't fail in meeting that bar as well. If you've read Hacking Exposed - 4th Edition and think this book can't tell you anything you don't already know- think again. For those who administer Linux boxes this book provides an in-depth look at specific hacks and vulnerabilities unique to the Linux operating system and the accompanying fixes and workarounds to protect yourself. The book is overflowing with examples and sample commands that users can immediately put to use to better understand the risks and how to mitigate them. Hacking Exposed is a must-read for security- this book is a must-read for Linux security.

(...)

Don't have this book? You're BEGGING for trouble..........2003-05-01

When I first starting using Linux systems and putting them online I had NO idea what sort of grief I was in for. The reason for that grief: I had NO clue how to 'harden' a system or what that term even meant. By not knowing that I put up systems that were quickly exploited by script kiddies and SPAM houses looking for open relays to use for SPAM and for 'zombies' to use in Distributed Denial of Service (DDoS) attacks. I bought this book, read it, and haven't had those problems since. If you are going to do *anything* with Linux on the internet then GET THIS BOOK NOW. Unless, of course, you *want* to have your computers destroyed on a weekly basis...

The best hands-on Linux security book just got better.......2003-03-10

I'm a big fan of the Hacking Exposed style of writing. All offensive theory is backed up by command line examples, followed by defensive countermeasures. Hacking Exposed: Linux, 2nd Ed (HE:L2E) follows this tradition, updating the content of the first edition and adding 200 pages of new content. Although I reviewed the first edition in Sep 01, reading the second edition reminded me of the challenges posed by securely configuring and deploying Linux systems.

The best way to learn while reading HE:L2E is to try the sample commands. I also recommend visiting the links mentioned and installing many of the tools described by the authors. I found programs like raccess, nsat (ch. 3), sslsniff (ch. 7), nstx, and httptunnel (ch. 15) particularly interesting from an attacker's point of view. From a system administration standpoint, coverage of passlogd (ch. 2), lilo and grub (ch. 5), and X (ch. 6) were very helpful.

The authors share many novel ways to abuse Linux systems, but counter those exploits with little-known features or third-party tools. I never knew I could use bash's HISTCONTROL feature to selectively remove entries from shell history files. HE:L2E goes the extra mile to help secure your system, such as including sample C code in ch. 13 to allow one to compile TCP Wrappers support into one's own programs. Other clear, concise defensive measures were introduced in excellent chapters on keeping the kernel and packages current (appendix B) and pro-active security measures (ch. 2). The last appendix gives a short yet powerful description of the damage an intruder can perform, showing how he hid unauthorized programs and how those programs were discovered.

If you use Linux, you'll find HE:L2E indispensable. I even applied many of the tools and techniques to my FreeBSD system, showing that that good security advice can be a cross-platform endeavor.

Great book........2003-03-08

I just finished going through the entire book line by line. I am extreemly new to Linux and security, and this book made it all very clear. I only wish I realized that there was a second edition out when I bought this one. Everything in this original edition was still completely correct and appropriate, three years later.

SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series)

Average customer rating:

Policies, policies, policies
is it germane to your usage of linux?

SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series)
Frank Mayer , Karl MacMillan , and David Caplan
Manufacturer: Prentice Hall PTR
ProductGroup: Book
Binding: Paperback

Network Security | Networking | Computers & Internet | Subjects | Books

General | Operating Systems | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Linux Security | Security & Encryption | Computers & Internet | Subjects | Books

Look Inside Computer Books | Trip | Specialty Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0131963694

Customer Reviews:

Policies, policies, policies.......2006-12-04

--- DISCLAIMER: This is a requested review by PTR, however any opinions expressed within the review are my personal ones. ---

The book SbE comes in 3 parts and additionally with 45 page strong Appendix
containing more detailed information where to get additonal information from.

Part I - A general overview (p. 1-55)
Part II - The SELinux Policy language (p. 57-236)
Part III - Creating and writing SELinux Security Policies (p. 237 - 362)
Appendix A (p. 364 - 409)

The book is mainly about policies itself and how to implement them.
Writing those policies is most of the time a time intensive and error prone task.

Readers planning on understanding SELinux should bring some time with them to fully understand and appreciate
the examples given for the "example" policy (f.e. strict or targeted) and the "reference" policy.

Whats going to prove useful is the hints given towards which trade-offs you may need to take when deciding
f.e. to use the strict policy. While the topic itself might seem dry for many readers the book will prove
useful for those genuinely interested.

The book does describe the most useful tools to put the reader straight on track and avoid loosing time.
The lovely prepared useful details like the 17 page index are a nice feature you will find yourself refering
to when in need. Some readers might find that they better leave the setup of SELinux to professional service
companies, but still the book serves to get an understanding what you can and possibly cant do with SELinux.

The article "Secure Linux - security kit review" from Hakin9's online library serves as a nice compliment to the book.

is it germane to your usage of linux?.......2006-09-16

If you are a linux or unix user, then you're probably pretty familiar with the permissions settings on files. It's a basic methodology that is essentially unchanged over 20 years or more or unix development. But its shortcomings have been just as well known to unix experts over that time.

What Mayer et al demonstrate is that the latest linux 2.6 has a very interesting add-on. SELinux. It is incorporated by default. So if you're running linux 2.6, it's been present all along, hidden in the background. The book describes what it offers. A vastly improved and very granular security model. Based on the concept of type enforcement. It goes way beyond earlier implementations of Mandatory Access Control.

The book can be heavy sledding if all this is new to you. Luckily, it describes a neat GUI tool, apol, that you can run as root. It can greatly assist understanding the use and making of rules.

Most users and sysadmins of linux machines might still not require the active use of SELinux. There is a considerable investment in time needed, to understand and use it. Plus, most of the examples cited in the book refer to government or classified contexts. Outside these, you have to really ask yourself if it's germane to you.

Average customer rating:

A truly wonderful intro to Linux all around.
Excellent
Failed to answer a simple question
Not Extremely Helpful
essential

Running Linux
Matthias Dalheimer , and Matt Welsh
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback

Network Security | Networking | Computers & Internet | Subjects | Books

General | Operating Systems | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Linux Security | Security & Encryption | Computers & Internet | Subjects | Books

General | Unix & Linux | O'Reilly | By Publisher | Books

Linux | Unix & Linux | O'Reilly | By Publisher | Books

Internet Security | O'Reilly | By Publisher | Books
Similar Items:

ASIN: 0596007604

Amazon.com

Earlier editions of O'Reilly's Running Linux served as central guides on installing, configuring, and using the OS. The third edition of this guide covers the kernel through version 2.2.1 and will prove especially useful to those with high technical aptitudes and a well-tested willingness to experiment with their computing environments.

The explanation of how to rebuild the kernel--a particularly daunting task for many--deserves special praise, as do the sections on configuring network links and servers. Users will find that the informative, prose-heavy style packs maximum information into this book's pages. For example, the purpose of a Linux element is described and then the reader is shown various ways of using it, complete with explicit statements of what you type and what you get in response. Back this book up with a good command reference (Linux in a Nutshell is solid), and you'll be well on your way to Linux mastery. --David Wall

Topics covered: KDE and Gnome windowing systems; Samba, file, and system management; shells; windowing systems and networking; installation on Alpha, PowerPC, Motorola 680x0, and Sparc boxes.

Book Description

You may be contemplating your first Linux installation. Or you may have been using Linux for years and need to know more about adding a network printer or setting up an FTP server. Running Linux, now in its fifth edition, is the book you'll want on hand in either case. Widely recognized in the Linux community as the ultimate getting-started and problem-solving book, it answers the questions and tackles the configuration issues that frequently plague users, but are seldom addressed in other books.

This fifth edition of Running Linux is greatly expanded, reflecting the maturity of the operating system and the teeming wealth of software available for it. Hot consumer topics such as audio and video playback applications, groupware functionality, and spam filtering are covered, along with the basics in configuration and management that always have made the book popular.

Running Linux covers basic communications such as mail, web surfing, and instant messaging, but also delves into the subtleties of network configuration--including dial-up, ADSL, and cable modems--in case you need to set up your network manually. The book can make you proficient on office suites and personal productivity applications--and also tells you what programming tools are available if you're interested in contributing to these applications.

Other new topics in the fifth edition include encrypted email and filesystems, advanced shell techniques, and remote login applications. Classic discussions on booting, package management, kernel recompilation, and X configuration have also been updated.

The authors of Running Linux have anticipated problem areas, selected stable and popular solutions, and provided clear instructions to ensure that you'll have a satisfying experience using Linux. The discussion is direct and complete enough to guide novice users, while still providing the additional information experienced users will need to progress in their mastery of Linux.

Whether you're using Linux on a home workstation or maintaining a network server, Running Linux will provide expert advice just when you need it.

Customer Reviews:

A truly wonderful intro to Linux all around........2007-08-31

I would definitely recommend this book to anyone who is new to Linux and attempting to figure their way around. It's not a great book for those who just want the how-do-I-do-this-without-having-to-understand-anything-under-the-covers approach. If you want that I would recommend going with a book like Spring Into Linux (Valade), which is much more of a get you up to speed as fast as possible without teaching you much.

I like so far how much detail this book gives you, though the reason I haven't given it 5 out of 5 is simply because I feel like it's lacking detail in some key areas (most notably so far for me would be its sparse offerings in the NFS section). However, the book itself does not claim to be exhaustive. In fact, it claims to be just the opposite and admits early on that its goal is only to give you enough information to be dangerous and then point you towards better maps if you so choose. That in itself is one of the reasons I like the book. They really do, for the most part, give you tremendous little intros to topics that help you understand not only how to do something, but also why you're doing it that way, why linux may have been designed in that way, etc. etc.

So, in short, great book for an in-depth intro to linux. However, if you're looking to spend your money for a book that treats any topic very in depth, I would recommend going with any of the other books in this series from O'Reilly, because this book was not designed for that. Good luck with Linux!

Excellent.......2007-07-16

I was in a urgent need of some fairly serious Linux bootcamp. This book worked, and this is how:

I hadn't had any significant Linux experience prior to buying this book. Sure, I knew a few basic UNIX commands, who doesn't?

After installing Ubuntu it became clear that I simply will have to spend too much time googling solutions for every problem. I went ahead and bought this book, read it cover to cover in about two days, and my fluentness in Linux administration/programming has increased dramatically. I still have to google some specifics (like Postfix/MySQL integration issues), but most of what I needed for my work, was in this fairly thin book.

Note that it is not focused on any particular distribution, and most of the tasks are explained with several major distros in mind. I kind of appreciated that also, since it only reassured my decision to go with a Debian-based Ubuntu.

Failed to answer a simple question.......2007-01-15

I haven't used Unix/Linux for about ten years. I know there is a command that will tell me how full the disk drives are. I tried to find the answer in this book. I looked up every possibility I could think of in the index (no entries for disk, or drive by the way--you need to look for "hard drive"), and waded through the section of filesystems with no luck.

When I found elsewhere that I was looking for the DU command. I looked that up. It's in the book but as a digression in a section explaining redirection on the command line. The related DF command is not mentioned at all, at least in the index.

These are basic commands that should be well referenced.

Not Extremely Helpful.......2007-01-13

I bought this book because I am switching from Windows to Linux on my home network. I thought it might be quicker to learn the ins and outs with the book vs. surfing from place-to-place on the web. My experience with the book is not that great--it never provides enough information on any subject to answer the question I have. I always have to resort to the internet for enough information to solve the problem of the day. It might be o-k for general Linux information, but it won't get you up and running as a system administrator on a home network.

essential.......2007-01-08

I am a very new user to Linux, this book has helped me out a lot. There is tons of useful info on how to use all the important aspects of Linux. Read through some of the other reviews to get a better run down on this book, then go buy it. This is a book I refer to frequently.

SELinux: NSA's Open Source Security Enhanced Linux

Average customer rating:

Quite short
Good Introduction but lacks advanced, how-to information.
vastly improved implementation
One of the best on creating a secure Linux system
Timely, Accurate and Readable

SELinux: NSA's Open Source Security Enhanced Linux
Bill McCarty
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback

Network Security | Networking | Computers & Internet | Subjects | Books

General | Operating Systems | Computers & Internet | Subjects | Books

General | Programming | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Linux Security | Security & Encryption | Computers & Internet | Subjects | Books

General | Unix & Linux | O'Reilly | By Publisher | Books

Linux | Unix & Linux | O'Reilly | By Publisher | Books

Internet Security | O'Reilly | By Publisher | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0596007167

Book Description

The intensive search for a more secure operating system has often left everyday, production computers far behind their experimental, research cousins. Now SELinux (Security Enhanced Linux) dramatically changes this. This best-known and most respected security-related extension to Linux embodies the key advances of the security field. Better yet, SELinux is available in widespread and popular distributions of the Linux operating system--including for Debian, Fedora, Gentoo, Red Hat Enterprise Linux, and SUSE--all of it free and open source. SELinux emerged from research by the National Security Agency and implements classic strong-security measures such as role-based access controls, mandatory access controls, and fine-grained transitions and privilege escalation following the principle of least privilege. It compensates for the inevitable buffer overflows and other weaknesses in applications by isolating them and preventing flaws in one application from spreading to others. The scenarios that cause the most cyber-damage these days--when someone gets a toe-hold on a computer through a vulnerability in a local networked application, such as a Web server, and parlays that toe-hold into pervasive control over the computer system--are prevented on a properly administered SELinux system. The key, of course, lies in the words "properly administered." A system administrator for SELinux needs a wide range of knowledge, such as the principles behind the system, how to assign different privileges to different groups of users, how to change policies to accommodate new software, and how to log and track what is going on. And this is where SELinux is invaluable. Author Bill McCarty, a security consultant who has briefed numerous government agencies, incorporates his intensive research into SELinux into this small but information-packed book. Topics include:

A readable and concrete explanation of SELinux concepts and the SELinux security model
Installation instructions for numerous distributions
Basic system and user administration
A detailed dissection of the SELinux policy language
Examples and guidelines for altering and adding policies

With SELinux, a high-security computer is within reach of any system administrator. If you want an effective means of securing your Linux system--and who doesn't?--this book provides the means.

Customer Reviews:

Quite short.......2007-07-17

Really only skimming over the problem, could be more in depth, since most online documentation about SELinux is really skimming over the subject too, or just overly dated.

Good Introduction but lacks advanced, how-to information........2005-04-08

Personally, I prefer books to focus either concepts or detailed implementation instructions not both. For complex topics like SELinux, you typically cannot fit the conceptual and pragmatic within one book. McCarty's SELINUX is no exception. SELINUX provides an excellent overview of concepts but struggles with policy implementation methods and procedures. I suspect the topic is simply too large for one volume. What implementation advice presented is clear and concise but you will have to search elsewhere for more detailed deployment advice.

Despite these issues, this book is recommended reading for anyone considering implementing SELinux. The conceptual overview is some of the best I've seen since SELinux got its start. Using charts, diagrams and examples, McCarty presents an excellent overview of the nuts and bolts of SELinux. Understanding the principles of Role-Based Access Control, Type Enforcement, and Security Objects is critical to both using SELinux and justifying its use. The latter may be a bigger hurdle than many anticipate. The chapters on these areas will arm you with sufficient understanding to make a clear case of why SELinux can and should be implemented in many Linux-based computing environments.

While there are brief examples throughout, the book's third chapter on SELinux installation presents a well-documented, step-by-step guide to installing SELinux. If you've never installed SELinux, these sections will prove very valuable. With clearly numbered steps and command line examples, you can have SELinux installed and configured with a default policy within an hour.

As a mix between the pragmatic and conceptual, SELINUX is a good start on this topic. Entry level SELinux users will probably not learn too much from this book, but if your are looking for a introduction to SELinux concepts along with some pragmatic advice for getting started, then this book may be for you.

vastly improved implementation.......2005-03-13

Selinux is a conscious attempt to fundamentally rework and improve linux security. Previously, or more to the point, in most current linux machines, the security was somewhat of an ad hoc approach. This is mitigated by a formidable array of open source IDS tools like Ethereal and Snort that let a sysadmin often successfully depend her network and machines.

But as the frequency and virulence of malware attacks has increased, the Selinux of this book may be a timely reinforcing of the operating system. As McCarty explains, this book is geared towards a sysadmin, as opposed to a programmer. It discusses the new things you should know. Especially the concepts of role based access model and of domains. The former has shades of DEC's VMS, which had a very mature implementation. Or those of you with mainframe experience may also recognise familiar ideas.

Programmers may find the book a little sparse, as mentioned above. But possibly McCarty is devising a sequel for them.

One of the best on creating a secure Linux system.......2005-02-06

So what makes Selinux more secure than standard Linux? Primarily it is the implementation of role-based access control, sandboxing, and an audit facility that allows the system to log any attempts to exceed specified permissions. It does all this without conflicting with the normal permissions of Linux. If you are able to access a file through normal discretionary access control then the role-based mandatory access control provides additional security to determine if you can run the file or not. The only way to open a file is if both systems agree that you should be able to open it.

The author covers installation, configuration, administering, and setting up a security policy. The presentation of SeLinux is straightforward and the security model is presented in a writing style that makes it clear and understandable to the reader.

SeLinux: NSA's Open Source Security Enhanced Linux is highly recommended as both a Linux security solution and an excellent book on how to utilize all the resources of SeLinux.

Timely, Accurate and Readable.......2004-12-21

Bill McCarty's book is all of the above and the requirements have been met for a throughly enjoyable read.

You don't have to be a Linux geek to appreciate the security mechanisms that Information Assurance Directorate of the NSA and the myriad of contributors have helped to create.

These go way beyond IT systems decisions and at their base level represent good business management practice.

The days of using insecure, bloated operating systems to power your business are over. In this age of real competitive and even terroristic threats affecting your companies data, you owe it to your self to investigate the security mechanisms put forth in this book and give your business the competitive edge.

Average customer rating:

Great reference
Concise, handy reference for working SysAdmins
for sysadmins

Linux iptables Pocket Reference
Gregor N. Purdy
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback

Network Security | Networking | Computers & Internet | Subjects | Books

General | Graphic Design | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Software | Computers & Internet | Subjects | Books

Linux Security | Security & Encryption | Computers & Internet | Subjects | Books

Pocket | Series | O'Reilly | By Publisher | Books

General | Unix & Linux | O'Reilly | By Publisher | Books

Linux | Unix & Linux | O'Reilly | By Publisher | Books

General | Programming | O'Reilly | By Publisher | Books

Internet Security | O'Reilly | By Publisher | Books

Business & Culture | Computers & Internet | 4-for-3 Books Store | Stores | Books

General | Computers & Internet | 4-for-3 Books Store | Stores | Books

Networking | Computers & Internet | 4-for-3 Books Store | Stores | Books

Operating Systems | Computers & Internet | 4-for-3 Books Store | Stores | Books

Web Development | Computers & Internet | 4-for-3 Books Store | Stores | Books

All 4-for-3 Deals | 4-for-3 Books Store | Stores | Books
Similar Items:

ASIN: 0596005695

Book Description

Firewalls, Network Address Translation (NAT), network logging and accounting are all provided by Linux's Netfilter system, also known by the name of the command used to administer it, iptables. The iptables interface is the most sophisticated ever offered on Linux and makes Linux an extremely flexible system for any kind of network filtering you might do. Large sets of filtering rules can be grouped in ways that makes it easy to test them and turn them on and off. Do you watch for all types of ICMP traffic--some of them quite dangerous? Can you take advantage of stateful filtering to simplify the management of TCP connections? Would you like to track how much traffic of various types you get? This pocket reference will help you at those critical moments when someone asks you to open or close a port in a hurry, either to enable some important traffic or to block an attack. The book will keep the subtle syntax straight and help you remember all the values you have to enter in order to be as secure as possible. The book has an introductory section that describes applications,followed by a reference/encyclopaedic section with all the matches and targets arranged alphabetically.

Customer Reviews:

Great reference.......2005-01-06

Linux iptables Pocket Reference is a great book.

there is a dearth of info on Linux iptables, and this pocket reference is a great book!!

Concise, handy reference for working SysAdmins.......2004-09-24

'Linux iptables Pocket Reference' is an important and sorely needed reference to iptables, the interface to the Linux packetfilter used by System Admins to create firewalls, NAT routers, transparent proxies, and other 'magical' network devices. While not a tutorial, it offers good advice for those with a grasp of basic networking concepts, and a good notion of what a firewall is and what it is used for, in a dense and concise format. Sufficiently detailed information about the protocols involved obviate the need to keep additional references at hand, and make the work relatively self-contained. This should not be the first book you read about firewalls or tcp/ip, but if you are a networking professional, a technically oriented user, or just interested in creating special purpose network devices, this book belongs in your library. Those familiar with iptables will especially appreciate the lucid description of packet flow through the tables and chains, and the supporting diagrams ... they alone are worth the price of purchase.

If you have need for a book on the topic, you will not be disappointed with this one.

for sysadmins.......2004-09-18

This book is written for linux/unix sysadmins, not programmers. The topic of iptables is intimately related to guarding a network against intruders. A sysadmin task. Plus, the compact, pocketbook size lends itself to a common scenario.

You're a harried sysadmin in the machine room of your company, surrounded by racks of computers and cabling. Equipment everywhere and little room for you to prop up a regular sized text on intrusion detection. Quite possibly, the master console is some cheezy old monitor that you got stuck with. Or even worse, it is just a terminal. If the latter, it's really awkward to do a man on iptables and also run it, especially if you're in real time mode against an active intruder. In other words, what this book is ideal for.

Average customer rating:

Disappointed about the installation instructions.
Not Focused
For sys admins
Great Reference for New Server Admins
Very helpful

Linux Server Security
Michael D. Bauer
Manufacturer: O'Reilly Media, Inc.
ProductGroup: Book
Binding: Paperback

Privacy | Business & Culture | Computers & Internet | Subjects | Books

File Sharing | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books

Network Administration | Networking | Computers & Internet | Subjects | Books

General | Computers & Internet | Subjects | Books

Linux Security | Security & Encryption | Computers & Internet | Subjects | Books

General | Unix & Linux | O'Reilly | By Publisher | Books

Linux | Unix & Linux | O'Reilly | By Publisher | Books

Internet Security | O'Reilly | By Publisher | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0596006705

Book Description

Linux consistently appears high up in the list of popular Internet servers, whether it's for the Web, anonymous FTP, or general services such as DNS and delivering mail. But security is the foremost concern of anyone providing such a service. Any server experiences casual probe attempts dozens of time a day, and serious break-in attempts with some frequency as well. This highly regarded book, originally titled Building Secure Servers with Linux, combines practical advice with a firm knowledge of the technical tools needed to ensure security. The book focuses on the most common use of Linux--as a hub offering services to an organization or the Internet--and shows readers how to harden their hosts against attacks. An all-inclusive resource for Linux users who wish to harden their systems, Linux Server Security covers general security such as intrusion detection and firewalling a hub, as well as key services such as DNS, the Apache Web server, mail, and secure shell. Author Michael D. Bauer, a security consultant, network architect, and lead author of the popular Paranoid Penguin column in the Linux Journal, carefully outlines the security risks, defines precautions that can minimize those risks, and offers recipes for robust security. He is joined on several chapters by administrator and developer Bill Lubanovic. A number of new security topics have been added for this edition, including:

Database security, with a focus on MySQL
Using OpenLDAP for authentication
An introduction to email encryption
The Cyrus IMAP service, a popular mail delivery agent
The vsftpd FTP server

Geared toward Linux users with little security expertise, the author explains security concepts and techniques in clear language, beginning with the fundamentals. Linux Server Security with Linux provides a unique balance of "big picture" principles that transcend specific software packages and version numbers, and very clear procedures on securing some of those software packages on several popular distributions. With this book in hand, you'll have both the expertise and the tools to comprehensively secure your Linux system.

Customer Reviews:

Disappointed about the installation instructions........2005-08-06

The big reason why I purchased this book was because it claimed it was great about security and it said it would show how to setup these services the correct way.
Well first of all this author loves to use the binary packages (RPMs, etc.). And anyone that is a major security buff knows that the RPMs are the last things to get updated when a flaw is found out.
Secondly that's all the user shows for the installation of most of the software is how to do it with a binary distribution. So unless you are using Suse, Redhat, Fedora it is quite useless. This book should indicate that it made for those distributions and it is not general "Linux".

Also his views on running some of the software is really off the wall. But that is just a personal preference I guess.

Overall if he would have used the regular "./configure ---comands", "make", "make install" this book would have been much better and it would have been able to be used for those that don't want to be stuck in "rpm hell".

Not Focused.......2005-06-13

I read every column of paranoid penguin and they are quite good. This book is ok, but not great. They (I mean they because several chapters are not by Mike) try to cover a huge amount of information and make the mistake of being both too broad in some areas and too specific in others. Overall, there wasn't a cohesive glue to bring the chapters together into a single vision.

For instance, for a book that introduces FTP servers, web servers, mail (imap/smtp), dns - they are like separate entities. They do not complete the picture by showing a complete network diagram with IDS / VPN, -- showing an example of all of their advice coming together in a working solution. And Kerberos isn't even mentioned.

They were extremely specific in some areas like talking about rpm example/debian/ make options and specific .conf options ad nauseum - which detracted from the whole picture. Is someone securing bind 4 really reading this book? Also, maybe a mention of apt-get - - but don't tell me how to install each package on every architecture - it just inflates the word count.

I don't think this book was focused enough in the 'big picture' of trying to piece together all of the tiny pieces into a coherant whole, while at the same time it gets cought up in the minute details of certain packages making for a tough read.

Perhaps they could have included an actual example company or two showing possible layouts of ldap in action with:
login/mail/split-dns/firewalls/database$web.

Anyone for OpenBSD?

For sys admins.......2005-06-03

Linux Server Security, Second Edition
By Michael D. Bauer
Second Edition January 2005
ISBN: 0-596-00670-5
544 pages, $44.95 US
(...)
This book goes along with the moving trend of the normal computer user, securing your data. Servers generally are targeted more often than the average home PC because most are made to be accessible from the outside world. This is where securing that server comes into play. This book covers the tools and techniques to securing your Bastion host.

First I'd like to start out and explain what Bastion host means as according this book so you can understand what this book covers more specifically. Bastion Host is defined as "A system that runs publicly accessible services but is usually not itself a firewall. Bastion hosts are what we put on DMZ (although they can be put anywhere). The term implies that a certain amount of system hardening has been done, but sadly, this is not always the case."

After you understand what a Bastion host is defined as, you should understand that this book mainly covers these server daemons and the systems that run them. But some of the information applies to a Linux desktop system such as a per host iptables firewall, using secure shell, keeping up with your logs, and intrusion detection. Most of these things the average user doesn't care much about but sometimes being paranoid comes in handy.

Someone who would most likely use this book more than the average desktop user would probaly be a system administrator. Securing web, database, ftp, dns, and email servers is what majority of this book contains. Along with covering these server systems, there are guides to securing the Linux system that runs these daemons along with designing the networks around these types of hosts.

One of the sections I'm most fond of is Chapter 2: Designing Perimeter Networks. With this section you can really take a look at the design and layout of the different types of networks and figure out the portions that suit your needs for your own network. The diagrams shown in this chapter help explain what is going on with the traffic and allows you to see exactly what is going on and at what points the systems are protected.

At the end of the book there are 2 well commented iptables firewall scripted that allow you to get a feel for the netfilter iptables system if you're not familiar with it already. With some modification of these scripts you can easily bring them into a working environment depending on your situation, which sometimes these helps with some of the frustration with the iptables syntax. I personally prefer the PF system within OpenBSD for it's clean syntax and have grown away from iptables, but both are powerful firewall systems and should fit the needs of your network.

I'd definitely recommend this book to system admins or anyone who is paranoid about their security. Security is always something that people should be educated about.

Lloyd Randall
Pensacola Linux User's Group

Great Reference for New Server Admins.......2005-03-22

I highly recommend this book to anyone who is involved with securing Internet servers. The book strikes a nice balance between theoretical background and implementation examples.

Though certainly not all encompassing, the book touches on several key elements of server security, including DNS, Email, File Servers, Web Services, IDS methods and more. People new or just curious about Linux server security will gain the most. More experienced system administrators will find a few implementation tips and useful background information for presentation or training purposes.

Unlike many server security books, this one includes some notes on alternatives to the most popular software packages. For example, the chapter on securing Internet email includes excellent tips on securing both Sendmail and Postfix while the IDS chapter covers the popular Tripwire package and some lesser-known integrity checkers. References and the end of each chapter are provided to point you to even more solutions.

This book certainly will not replace a dedicated reference volume, but I find it to be a good summary of major security practices for bastion hosts. Note that the book focuses primarily on host hardening. Though there are some sections on network security, most of the chapters focus on locking down your server. So if you are mainly interested in network clusters, network surveillance, or honeypots, you will probably want to find another reference. Also, if you have several years of experience, you may not find too much new information, but the book is a handy reference volume that can point you in the right direction. If, however, you are new to Linux server security or just simply want a concise summary of common security practices, then this will be a welcomed addition to your technical library.

Very helpful.......2005-03-07

I am quite happy that there are books like Linux Server Security.

A lot of people think Linux is bullet proof, but its not. If not configured correctly, it can be just as insecure as Windows.

Linux Server Security is an important and timely book in that it shows how to harden Linux to be very secure.

Books:

Books Index

Books Home

Recommended Books